Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 9 years ago.
I am novice to php-mysql ...please help me to rectify the syntax error
the error is:
Parse error: syntax error, unexpected T_VARIABLE in /home/u831097172/public_html/php/update.php on line 13
line 13:
UPDATE $tbl_name SET password= '$password' WHERE email='$email';
maybe you mean something like
$query = "UPDATE $tbl_name SET password = '$password' WHERE email='$email'";
Remember to add slashes to your $password and $email variables to avoid SQL injection.
I think you should learn directly with statements:
$mysqliConnection = new mysqli($SERVER, $USER, $PW, $TABLE);
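// Placeholders bind values only, not identifiers: the table name cannot be a "?",
// so $tbl_name must be a fixed or allow-listed name before it is interpolated.
$stmt = $mysqliConnection->prepare("UPDATE `$tbl_name` SET password = ? WHERE email = ?");
$stmt->bind_param("ss", $password, $email);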
$stmt->execute();
Here's the doc :) http://es1.php.net/manual/en/mysqli.prepare.php
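The prepared-statement approach above, as an added example that is not part of the original answers: the table name is checked against an allow-list because identifiers cannot be bound, and the values are bound. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection, and `ALLOWED_TABLES`, `updatePassword()` and the `users` table are hypothetical names.

```php
<?php
declare(strict_types=1);

// Constructed sample schema and row so the example runs offline (assumption:
// SQLite in memory instead of the MySQL server from the question).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)');
$db->exec("INSERT INTO users VALUES ('pat.o''neil@example.test', 'old-hash')");

// Identifiers cannot be bound as parameters, so the table name is compared
// with a fixed allow-list before it is placed in the SQL text.
const ALLOWED_TABLES = ['users'];

function updatePassword(PDO $db, string $table, string $email, string $password): int
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unknown table name');
    }
    // Values travel separately from the SQL text, so a quote inside them
    // is data and cannot end the string literal.
    $stmt = $db->prepare("UPDATE `$table` SET password = :password WHERE email = :email");
    $stmt->execute([
        ':password' => password_hash($password, PASSWORD_DEFAULT), // store a hash, not the password
        ':email'    => $email,
    ]);
    return $stmt->rowCount(); // number of rows changed
}

// Constructed input: an address containing an apostrophe. Concatenated into the
// query it would break the syntax; as a bound value it simply matches the row.
$changed = updatePassword($db, 'users', "pat.o'neil@example.test", 'new secret');
echo "rows updated: $changed\n";

// A table name that is not on the allow-list never reaches the database.
try {
    updatePassword($db, 'no_such_table', 'x@example.test', 'y');
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```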
Are the variables filled?
Maybe it's better you make
$query = "UPDATE " . $tbl_name . " SET password='" . $password . "'
WHERE email='" . $email . "'";
And then you can simply check by printing the string out. There you can see if your variables are filled:
print_r($query);
You have your variable $tbl_name not in quotes. $tbl_name has to be '$tbl_name'.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
Closed 4 years ago.
My php code is
<?php
require "conn.php";
$user_name = "";
$user_pass = "";
$mysql_qry = "select * from logindetails where User_id like '$user_name' and
Password '$user_pass';"
$result = mysqli_query($conn ,$mysql_qry);
if(mysqli_num_rows($result) > 0){
echo "login success";
}
else{
echo "login not success";
}
?>
error is Parse error: syntax error, unexpected '$result' (T_VARIABLE) in C:\xampp\htdocs\login.php on line 6
You have misplaced the semicolon. Add a semicolon at the end of the query and use '=' after password.
$mysql_qry = "select * from logindetails where User_id like '$user_name' and
Password = '$user_pass'";
It's nothing. You just misplaced the semicolon.
Just change this
$mysql_qry = "select * from logindetails where User_id like '$user_name' and
Password '$user_pass';"
to this.
$mysql_qry = "select * from logindetails where User_id like '$user_name' and
Password = '$user_pass'";
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
Closed 7 years ago.
I am getting an error in select query line. Here it is:
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE),
expecting identifier (T_STRING) or variable (T_VARIABLE) or number
(T_NUM_STRING
And the code:
<?php
include('dbconnection.php');
$sql = "select * from 'user' where id ='.$_REQUEST['id'].' ";
$result = mysql_query( $sql);
if(!$result )
{
die('Could not enter data: ' . mysql_error());
}
$sql="select * from `user` where id ='".$_REQUEST['id']."' ";
This will solve your problem. But look at mysqli_query to limit your SQL injection vulnerability.
Replace query:
$sql="select * from 'user' where id ='.$_REQUEST['id'].' ";
with:
$sql="select * from `user` where id =".$_REQUEST['id']."";
You can try this:
$id = (int) $_REQUEST['id']; // integer value
$sql = "select * from `user` where id = '$id' ";
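The integer handling from the last answer, as an added example that is not part of the original posts: it compares the `(int)` cast with a strict check and binds the validated id instead of interpolating it. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection, and `parseId()`, `findUser()` and the sample rows are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `user` (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO `user` VALUES (12, 'alice'), (13, 'bob')");

// Strict check: the whole input must be a positive integer, otherwise null.
function parseId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Looks up one row; input that fails validation never reaches the database.
function findUser(PDO $db, $rawId): ?array
{
    $id = parseId($rawId);
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, name FROM `user` WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values, as they could arrive in $_REQUEST['id'].
foreach (['12', '12abc', 'abc', '', ['12']] as $raw) {
    $cast = (int) $raw;           // the cast accepts anything and guesses a number
    $row  = findUser($db, $raw);  // the validator accepts only whole integers
    printf("%-10s cast=%d  lookup=%s\n",
        json_encode($raw), $cast, $row === null ? 'rejected' : $row['name']);
}
```

The cast silently maps malformed input to some integer, so a request for `12abc` would read row 12; the strict check turns that into an explicit rejection the caller can log or answer with an error.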
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
Closed 7 years ago.
Hi, I am getting this error. Though I tried to change the new to, I am still getting this problem. Can anyone tell me what I should do? I have completely changed the page and also the database, but still the same error.
error>
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''calendar_admin' WHERE teacher_id='ipcst123' and password='a141c47927929bc2d1fb6'
at line 1
my code >
<?php
$username=$_POST['teacherId'];
$password=$_POST['password'];
$password=md5($password);
try {
$bdd = new PDO('mysql:host=localhost;dbname=XXX', 'XXX', 'XXX');
} catch(Exception $e) {
exit('Unable to connect to database.');
}
$query ="SELECT * FROM 'calendar_admin' WHERE teacher_id="."'".$username."' and password="."'".$password."' ";
$resultat = $bdd->query($query) or die(print_r($bdd->errorInfo()));
$res = $resultat->fetchAll(PDO::FETCH_ASSOC);
foreach($res as $result){
$pass=md5($password);
$user=$result["teacher_id"];
if ($pass==$result["password"]&& $username == $user ){
echo "login Success";
session_start();
$_SESSION['teacher_id'] = $username;
header('Location:/addEvents.php');
}else{
header('Location:/login.php');
//echo "Incorrect Password";
}
}
You should use backticks instead of single quotes :
$query ="SELECT * FROM `calendar_admin` WHERE teacher_id='".$username."' and `password`='".$password."' ";
or just remove them
$query ="SELECT * FROM calendar_admin WHERE teacher_id='".$username."' and `password`='".$password."' ";
And since you use PDO, you should bind parameters, but not concatenate them into the query:
$query ="SELECT * FROM calendar_admin WHERE teacher_id= :teacher and `password`= :password ";
$sth = $bdd->prepare($query);
$sth->bindParam(':teacher',$username);
$sth->bindParam(':password',$password);
$sth->execute();
$res = $sth->fetchAll(PDO::FETCH_ASSOC);
Around column and table names there have to be backticks, not single quotes. Or nothing if the names aren't reserved words (or contain spaces, or hyphens, or anything else that MySQL will scream about, #Fred -ii- in comments below):
`calendar_admin`
The full query:
$query ="SELECT *
FROM `calendar_admin`
WHERE teacher_id = '" . $username . "' AND
password = '" . $password . "'";
Don't forget to escape data from user inputs.
$query = "
SELECT *
FROM calendar_admin
WHERE teacher_id = '$username'
AND password = '$password';
";
Next, take a look at prepared statements
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
Closed 8 years ago.
$username = stripslashes($username);
// check if usernames exists
$sql = "SELECT Login_Name FROM memberdirectory WHERE Login_Name = $username";
if ($result = mysqli_query($pdo,$sql)) {
$row = mysqli_num_rows($result);
// if yes, fetch the encrypted password
You are missing quotes around the string value:
$sql = "SELECT Login_Name FROM memberdirectory WHERE Login_Name = '$username'";
If you are using mysqli, why limit yourself to manually sanitizing your inputs? MySQLi has prepared statements to handle and format your query correctly.
$Conn = new mysqli("host","user","pass","database");
$Query = $Conn->prepare("SELECT Login_Name FROM memberdirectory WHERE Login_name=?");
$Query->bind_param('s',$username);
$Query->execute();
$Query->store_result(); // buffer the result set so num_rows is accurate
$Row_Number = $Query->num_rows;
$Query->close(); // close the statement. Always a benefit and can save you complications later down the line
Then validate:
if ($Row_Number > 0){
} // Example only.
$username = stripslashes($username);
$sql = "SELECT Login_Name FROM memberdirectory WHERE Login_Name =".$username;
if ($result = mysqli_query($pdo,$sql)) {
$row = mysqli_num_rows($result);
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
Closed 9 years ago.
Well, please help to correct the syntax for the following code. I have to select 2 values from one table and insert them in another table. One value is taken from a PHP variable. This all needs to be done using an Opencart model file.
$this->db->query("UPDATE " . DB_PREFIX . "rate_cost SET rate_cost = " . $this->db->escape($data['rate_cost']) );
$sql = "SELECT DISTINCT competition_rate, customer_id FROM " . DB_PREFIX . "customer WHERE competition_rate NOT LIKE 0";
$query = $this->db->query($sql);
$rates = array();
$customer_ids = array();
foreach($query->row['competition_rate'] as $result){
$rates[] = $result * $data['name'];
}
foreach($query->row['customer_id'] as $result2){
$customer_ids[] = $result2;
}
$sums = $rates;
$ids = $customer_ids;;
$sql = ("INSERT INTO 'customer_transaction'(customer_id,amount) VALUES'".$ids.",".$sums"'");
}
I am getting the following error:
Parse error: syntax error, unexpected '"'"' (T_CONSTANT_ENCAPSED_STRING) in C:\xampp\htdocs\sport\admin\model\competition\newsletter.php on line 18
You have some syntax errors in your $sql query, the correct syntax for INSERT query is
INSERT INTO table (columns) VALUES ('values');
So you're missing parentheses for your values and you didn't surround them correctly with quotes. So change as follows
VALUES ('".$ids."','".$sums."')");
So the complete query will look like that
("INSERT INTO `customer_transaction` (customer_id,amount) VALUES ('".$ids."','".$sums."')");